top of page

Trimarc January Newsletter

Happy New Year, Trimarc Subscribers! We realize the time normal people say that was about 2.5 weeks ago but, in our defense, it’s cold in the Northeast and our blankets are warm. Luckily, we’ve learned how to work from under our covers and we’ve got a TON of new stuff to show you. Early Access to Trimarc Vision is officially live, our expansion pack for Backdoors & Breaches is finished, new blogs, and of course news from in and around the industry.



We’ve been teasing about our latest product for months and we officially launched Early Access during Shmoocon in January of this year. Yes, there have been press releases. Yes, we’ve got marketing copy for days. However, we think it’s better just to show you what Trimarc Vision is all about and that is as the next leap in your Active Directory security posture. Trimarc Vision answers some of the most important questions about your Active Directory environment that you can ask, including:

·       What is the current security posture status of all my Active Directory forests?

·       What risk do I have in my environment with Active Directory?

·       What should I be most worried about in Active Directory when it comes to potential/probable attacks?

·       What actions can I take today/tomorrow/this week to best mitigate the impact of an attack on my Active Directory?

·       Are there new critical issues in Active Directory that we don’t know about related to system changes or recent attack evolutions?

Back in December, our founder and CTO Sean Metcalf did an hour-long webcast about Vision complete with demo scenarios. You can view the entire hour or view individual segments in our playlist, available here on our YouTube channel.



For more information and to sign up for Early Access, visit

Trimarc Backdoors & Breaches Expansion Pack

An entire year in the making, we are thrilled to announce the arrival of our expansion pack for the wildly popular Backdoors and Breaches Incident Response tabletop game from Blackhills Information Security. Backdoors & Breaches is an Incident Response Card Game, from Black Hills Information Security and Active Countermeasures. Backdoors & Breaches contains 52 unique cards to help you conduct incident response tabletop exercises and learn attack tactics, tools, and methods.

Our expansion deck will be available for sale and online play by the end of this month. Until then, if you’d like your own physical copy of the expansion plus a core B&B deck, come see us at BSides Charm (information below) or email


Trimarc Crypto Challenge

The Trimarc Challenge is a five (5) puzzle CTF, each will have you stretch your mind and knowledge.

Trimarc SME Talk

Things we talk about in the Trimarc work chat that are relevant to your business.


VPN appliances "all appear to have been constructed with the code equivalent of string, stamped with the word ‘secure’ and then just left to decay for 20 years..."

“Microsoft Entra Domain Services is a cloud-based solution that provides a classic Active Directory domain in the cloud without the hassle of maintaining your own infrastructure. Using Domain Services, you can easily integrate your cloud and on-premises resources using trust relationships.We’re now adding two-way trust relationships to Domain Services and we’d like to invite you to get an early look.”

“What kind of security feature could be bypassed by successfully exploiting this vulnerability?

The authentication feature could be bypassed as this vulnerability allows impersonation.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

This vulnerability could be triggered when a user connects a Windows client to a malicious server.

How could an attacker exploit this vulnerability?

When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk. In one such scenario for this vulnerability, the attacker could convince a victim to connect to an attacker controlled malicious application (for example, SMB) server. Upon connecting, the malicious server could compromise the protocol.”


Upcoming Events




Feb. 9th, 2024: Sean Metcalf will be giving a presentation at the February ISACA meetup in Springfield Missouri titled “The Current State of Microsoft Identity Security (Active Directory & Azure AD / Entra ID): Common Security Issues and Misconfigurations”. 


Upcoming Webcasts


Trimarc Publications


“Recent incident response reports tracking the steps of real attacker's sound like something out of a fairytale. Attackers have become craftier, more patient, and more creative. As a defender, I believe the best way to combat creative attackers is to become more creative ourselves. Looking beyond what attackers have historically done puts the defender into a mindset limited only by their own imagination.”

To keep up with all of our most recent blogs, whitepapers, and research, visit

Trimarc’s Top 3 Blogs of 2023


While our editors are putting the finishing touches on our latest wordsmithing, here are the Trimarc blogs you found most interesting in 2023.

Trimarc Media


Video On Demand





Trimarc Vision™ can help you answer the question: “What is the current security posture status of ALL my Active Directory forests?”

Tune in to an exclusive discussion featuring TrustedSec Founder & CEO David Kennedy and Trimarc Security Founder & CTO Sean Metcalf as they delve into emerging challenges within the cybersecurity landscape. Together, they'll offer a dual perspective on the intricate issues currently confronting the industry and provide unprecedented insight into the workings of TrustedSec and Trimarc Security, giving a unique glimpse behind the scenes.


Enterprise Security Weekly


Sean Metcalf is a cohost on the Enterprise Security Weekly podcast, part of the greater Security Weekly kingdom. Check out past episodes here. 


Trimarc Twitch Happy Hour

Our live Twitch Happy Hour happens every Friday at 2pm ET on If you don’t have the cycles to watch a full video stream live, you can catch past episodes in the following formats:


Our Favorite Episodes from 2023:



All Trimarc Services



Why get an ADSA? Jake Hildreth from our Identity Security Team would love to tell you.


“Companies that get an ADSA regularly report back to us that their red teams and pentesters have a much harder time finding vulnerabilities in their environment. If the good folks with intimate knowledge of your systems are having trouble finding cracks, the bad folks with fresh eyes will probably have big troubles.”


The Trimarc ADSA identifys multiple potential AD escalation paths and provide recommendations that are actionable, prioritized, & customized. Our recommendations can be implemented quickly (and phased in over time) to effectively mitigate your risks. 





Why get an MCSA? Scott Blake, Director of Trimarc Services is happy to explain.


“Azure/Entra ID is already establishing itself as the next security boundary frontier. While certainly not as exploitation prone as its older sibling On-Prem Active Directory (not a fair comparison given that AD has been around since 1999), it already contains known attack vectors, poor default configurations, and lots of potential for creating a secure environment for your data and users or an easy target for would-be hackers.

It is undeniable that Entra ID is one of the most valuable components of your organization and, as such, requires a thorough understanding of the platform to ensure it follows a defense-in-depth mindset. Trimarc's MCSA offering is designed to provide the most informed security view of Entra ID available on the market today with actionable steps to better securing this critical resource.”   

The MCSA identifies issues in your Azure AD & Microsoft Office 365 tenant that attackers could leverage to access data, escalate permissions, and persist.


“The focus on VMware virtual infrastructure security is long past due. VMware is the defacto virtualization system for practically all medium and large organizations hosting critical workloads. VMware vSphere hosts sensitive servers such as Active Directory domain controllers, Active Directory Federation Services (ADFS) servers, and hybrid cloud integration systems. Attackers have realized that gaining access, sometimes even full control, to VMware often enables them full access to the most important servers and services in any company. Ransomware threat actors have followed suit. Leveraging VMware privileged access, they deploy crippling malicious code to many organizations around the world.”

As virtualization technology continues to evolve, security will remain a top priority for VMware and its users, with ongoing efforts to improve and enhance the security of vSphere. Our goal with the VISA to help facilitate practical solutions to help security professionals and CTOs protect their virtual infrastructure against potential threats.


Contact Trimarc

For all our links to Twitter, YouTube, Github and more, visit  

129 views0 comments

Recent Posts

See All


bottom of page